I think you are conflating physically signing a doc, with digital signature. When you use a digital pen to sign a doc, your signature does not matter, it's completely cosmetic. The doc is signed under the hood electronically using PKI with a trusted chain based on how you authenticated to the signing application. On Wed, Apr 12, 2023 at 4:11 PM D. Hugh Redelmeier via talk <talk@gtalug.org> wrote:
| From: James Knott via talk <talk@gtalug.org>
| The proper way to do digital signatures is with X.509 certificates. When I was | at IBM, in the late 90s, we used them in Lotus notes. There are some public | key sources available, but it's not very common outside of large | organizations.
Maybe.
The troubles include:
- issuers should take on the responsability to validate what they are vouching for. It is hard to make this simultaneously useful and inexpensive.
- cert vendors are mostly rent-seeking. That goes with the territory of being at the top of a hierarch
- X.509 is complicated in ways that are not useful
The PGP web of trust is/was interesting but it doesn't seem to work for most people. Perhaps due to lack of motivation. --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk